Snort mailing list archives

Re: Quick and dirty

From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 30 Jan 2013 13:11:57 -0700

On 2013-01-30 13:03, lists () packetmail net wrote:

On 01/30/2013 01:53 PM, James Lay wrote:

content:"track.php?fdic"; within:50; metadata:policy balanced-ips


I ran a Hadoop/Hive query and didn't have any hits, I assume this is 
probably
just a BHv2 gate to our typical stuff.  Thanks James for pointing 
this out.


Indeed...BHv2 is kinda boring now ;)  The amount of times I saw this 
come in I saw seven individual sessions sending emails to multiple 
people, which is why I thought I'd better sig it up.

James

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Quick and dirty James Lay (Jan 30)
- Re: Quick and dirty rmkml (Jan 30)
  - Re: Quick and dirty James Lay (Jan 30)
- Re: Quick and dirty Joel Esler (Jan 30)
  - Re: Quick and dirty James Lay (Jan 30)
    - Re: Quick and dirty lists () packetmail net (Jan 30)
    - Re: Quick and dirty James Lay (Jan 30)